pom.xml update suggested: com.fasterxml.jackson.core:jackson-databind ~> 2.8.11.1.
今天在Github.com上传代码时,显示
Known high severity security vulnerability detected in com.fasterxml.jackson.core:jackson-databind < 2.8.11.1 defined in pom.xml.
pom.xml update suggested: com.fasterxml.jackson.core:jackson-databind ~> 2.8.11.1.
翻译成中文:
在com.fasterxml.jackson.core中检测到已知的高严重性安全漏洞:
在pom.xml中定义的jackson-databind <2.8.11.1。
建议使用pom.xml更新:com.fasterxml.jackson.core:jackson-databind~> 2.8.11.1。
故将Jackson的依赖改为2.9.9
<properties>
<jackson.version>2.9.9</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
</dependencies>
这样问题便可以解决了,终究还是版本太低造成的。